Detailed Description

Define Documentation

The UEFI spec states (for no apparently good reason) that "When a Deterministic Random Bit Generator (DRBG) is used on the output of a (raw) entropy source, its security level must be at least 256 bits." The EDK2 codebase (mis)interprets this to mean that the call to GetRNG() should fail if given a buffer less than 32 bytes.

Incidentally, nothing in the EFI RNG protocol provides any way to report the actual amount of entropy returned by GetRNG().
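One way a caller can cope with the 32-byte minimum described above, as an added example that is not iPXE or EDK2 code: always request a full 32 bytes into a scratch buffer and copy out only what is needed. The function names are hypothetical, and mock_get_rng() is a constructed stand-in with a simplified signature and a fixed fill pattern in place of the firmware's GetRNG().

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define MIN_RNG_LEN 32 /* 256 bits: the minimum request size described above */

/* Constructed stand-in for the firmware's GetRNG(): rejects short buffers.
 * Returns 0 on success, -1 on failure. The fill is a fixed sample pattern,
 * not randomness. */
static int mock_get_rng(size_t len, uint8_t *buf) {
    if (len < MIN_RNG_LEN)
        return -1;
    for (size_t i = 0; i < len; i++)
        buf[i] = (uint8_t)(i ^ 0xA5);
    return 0;
}

/* Hypothetical wrapper: always request MIN_RNG_LEN bytes into a scratch
 * buffer, then copy out only what the caller asked for. The entropy
 * content of the result is unknown, since nothing reports it. */
static int get_rng_bytes(uint8_t *out, size_t want) {
    uint8_t scratch[MIN_RNG_LEN];
    volatile uint8_t *wipe = scratch;
    int rc = 0;

    while (want && rc == 0) {
        size_t n = (want < sizeof(scratch)) ? want : sizeof(scratch);
        rc = mock_get_rng(sizeof(scratch), scratch);
        if (rc == 0) {
            memcpy(out, scratch, n);
            out += n;
            want -= n;
        }
    }
    /* Do not leave unused random bytes on the stack */
    for (size_t i = 0; i < sizeof(scratch); i++)
        wipe[i] = 0;
    return rc;
}

int main(void) {
    uint8_t key[16];
    /* A direct 16-byte request fails; the wrapped request succeeds */
    return (mock_get_rng(sizeof(key), key) == -1 &&
            get_rng_bytes(key, sizeof(key)) == 0) ? 0 : 1;
}
```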

In theory, UEFI allows us to specify a trigger time of zero to simply wait for the next timer tick. In practice, specifying zero often seems to return immediately, which produces almost no entropy. We therefore specify a delay of 1000ns to try to force an actual delay.